How severe is CVE-2019-11742?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2019-11742?

This is classified as CWE-829, which is a common weakness in software security.

CVE-2019-11742 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A same-origin policy violation occurs allowing the theft of cross-origin images through a combination of SVG filters and a <canvas> element due to an error in how same-origin policy is applied to cached image content. The resulting same-origin policy violation could allow for data theft. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1.

Related Vulnerabilities

CVE-2013-4582

MEDIUM

CVSS:6.5(Medium)

The (1) create_branch, (2) create_tag, (3) import_project, and (4) fork_project functions in lib/gitlab_projects.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition befor...

CWE-8292013

CVE-2018-8351

MEDIUM

CVSS:6.5(Medium)

An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Int...

CWE-8292018

CVE-2020-22474

MEDIUM

CVSS:6.5(Medium)

In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion.

CWE-8292020

CVE-2021-26271

MEDIUM

CVSS:6.5(Medium)

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs plu...

CWE-8292021

CVE-2021-26272

MEDIUM

CVSS:6.5(Medium)

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink plugi...

CWE-8292021

CVE-2021-30121

MEDIUM

CVSS:6.5(Medium)

Semi-authenticated local file inclusion The contents of arbitrary files can be returned by the webserver Example request: `https://x.x.x.x/KLC/js/Kaseya.SB.JS/js.aspx?path=C:\Kaseya\WebPages\dl.asp` A...

CWE-8292021